[Release] Every other shot goes through walls

Reason this is in a whole new topic instead of that other topic is because
this incorporates something different than a simple edit.
(its still not very different though)

The main release is 'every other shot goes through walls,'
and i'll show you how to use this nifty little modification.


First, download my injector (http://phytress.digital-haze.net/RE/ASMIJ/ASMInjector.exe)

Then open the following link in your web browser: http://phytress.digital-haze.net/RE/ASMIJ/CS/

Two modifications are in there, one is called HPJ.asmij, and STW.asmij

HPJ is just a simple little test sample I made to mess around with cave story,
download that if you want 9999HP and unlimited jetpack.

STW is the "shoot through walls every other time you shoot" modification.


Download whichever you want (note the HPJnotes, and STWnotes files contain info on how to use them), and make sure the files are in the same
folder as the injector.



Ok, these releases are for cave story deluxe package (1.0.0.6).



1) Fire up cave story, and also start my injector program.
2) Once both applications are running, doesn't matter when you start the other, you should have a window that looks like this on the injector:

OpcodeInjector, All your base are belong to OpethWC/Phytress

Program functions
T: Target process
L: Exit Program

3) Type in the letter 'T' and hit enter.
4) It will ask you for a process name, enter doukutsu.exe
5) A couple of new options should have appeared, this is what my window looks like how.

Unique (ASMInjector) file version for this process
00000| 93 BB C7 74 FF 6C CE BF FC 89 05 4C 03 28 6B 75 |ô╗╟t l╬┐ⁿë.L.(k

X: Terminate Process
I: Allocate and Inject file
A: Inject file at specific location
D: Dump memory at specific location

6) Your unique ID may be different, and if it is, then you might be on the wrong version of cave story. Might. OK, type in the letter i, (you know, the letter that sounds like EYE), and hit enter.
7) It will ask you to enter a file name. Let's assume youre using the STW.asmij file for now, i will discuss the HPJ.asmij file later. Well, enter STW.asmij and hit enter.
8) It should say the following:

Memory Written (14)
00000| 8B 90 50 F0 48 00 83 B0 50 F0 48 00 04 90       |dsfjdsfsdfsd

Press any key.

9) Press any key (I press enter, I dunno why)
10) Two new options should have come up, my screen looks like this now:

Currently allocated and written at 27459584
E: Execute injected assembly
H: Hook call at region

11) Note, your numbers might be different. Ok, type in the letter h (like horse), and hit enter.
12) It will ask you if it is a jump, or call. Since "STWnotes.txt" says jump, thats what we will do. We shall enter 'n' for jump.
13) It will ask if you want to enable relative return, type in y for yes and hit enter.
14) Now it's asking for the locale, and our STWnotes.txt tells us that the locale is 4210778. Well, type in those numbers and hit enter
15) The shift memory size is 0, so type in 0, and hit enter
16) The apply nop size is 6, so type in 6, and hit enter

17) It will say "success." Now, Press any key (I press enter). Go back to our game (I use windowed mode, so its easy for me n.n) and try it out. Note that every other shot will hit the wall, the rest will go through walls.



HPJ.asmij is even easier. Let's start at step 6
6) Type in the letter i (like EYE) and hit enter.
7) type in HPJ.asmij and hit enter.
8) It will write the file to memory. Press anything to continue.
9) Two new options should come up, type in h for "Hook call at region" and hit enter
10) HPJnotes.txt tells us that we need to set it to "call," so type in the letter y, and hit enter.
11) It is asking for the locale, again HPJnotes.txt tells us that the locale is 4273625. So type in that number, and hit enter.
12) It is asking for the shift size, again HPJnotes.txt tells us that the shift size is 1. So type in 1, and hit enter.
13) it will say success, viola, etc.



* Notes- after you have successfully executed, or hook-call/jump'd the injected opcodes, you can close it, since its running internal to doukutsu.exe
* More notes- I didn't make this app for cave story, I've used it for like.. everything but cave story so far. I beat age of empires act 1, 2, and 3 on the hardest difficulty and I am not satisfied with it (not hard enough). So I decided to make some asmij files for cave story.


* Since ive hardly used my injector on cave story, youre probably gonna get problems, so post problems you get and such. Enjoy, if you can.

edit: By the way, is balrog a guy? If so, then curly is a hella lucky girl at the end of the full ending after you kill ballos. Lol @ "Can i come with you both too?" Two guys, hmm, thats too bad though. Oh well, what can you do?

 

WHY don't you just make a modification and release a binary patch? e.g ( http://en.wikipedia.org/wiki/Delta_encoding http://en.wikipedia.org/wiki/Xdelta ). Do you really think people here will go through such lengths only to patch Doukutsu.exe while it's running? And another thing, it had been nice for those that know assembly (or want to learn) that you also post some actual code

 

Too lazy to read your links, sides, I use this app all the time easily. I'm not gonna go out of my way to bend over for your lazy ass. Frankly, I tend to like my applications, and am too lazy to just simply modify the game. Sides, the way that I hacked it, it can't be modified, because its allocated, and I can't be assed to allocate during initialization. May occur a better way to make the mod, in either case, I don't care. Jesus. Like I said, this app wasnt made just for you, and it has other uses as well, so don't expect it to be all happy and everything. If you care, then use it, if you don't then don't use it. Only released it so someone out there might potentially have fun with it.


Smarts.

 

Well...it works. I'm not really sure the point of it though, but I'll mess with it.
The hack also makes the whimsical star try and do damage to walls.

 

[Release]

Omfg..... I'd rather use Hex editor to edit all weapons to pass through walls...

 

The difference: this passes walls on every OTHER shot.


edit: It's very possible to make this a binary mod, but why would you bother assembling in a region that looks like it isn't being used. That can cause all sorts of problems. Allocation = the correct, and safe method.

 

The difference: this passes walls on every OTHER shot.


edit: It's very possible to make this a binary mod, but why would you bother assembling in a region that looks like it isn't being used. That can cause all sorts of problems. Allocation = the correct, and safe method.

Ohs... you mean alternate huh...

Oh cool but its too much trouble... =S

 

For the record, the entire first post can be condensed to this:

1) Target doukutsu.exe
2) Inject/Allocate file "STW.asmij"
3) Read, and do what STWnotes.txt says


edit: heres your source for the people "wanting to learn"
http://phytress.digital-haze.net/RE/ASMIJ/PtINAa26.html



It's missing required object files, but you should be able to know whats missing, and how to reconstruct it, if not, run ollydbg on it or something. It's an older compilation, but that shouldn't stop anyone of this board's caliber, apparently knowing better ways to do the already simple.

 

If you won't stop acting arrogant and being like "Ohhhh, that's all? I can do that in 3 minutes!" then I close your threads my dear friend

Too lazy to read your links, sides, I use this app all the time easily. I'm not gonna go out of my way to bend over for your lazy ass.

I hate the word. But you're surely a hypocrite

 

I'm going to make everyone use my obscure program to make modifications to running programs, because I need the attention, and because I'm too lazy to actually post some findings. And, oh yeah, I'm going to flame everyone who think it's not a good idea, because that's an direct attack on me.

There, I fixed it for you

 

I recall posting "If you want to use it, then do so, if you don't then don't."



If it's that big of a bother to you, then lock the thread, life goes on.
edit: obscure program? ha, ever hear what programs are used for?
To make repetitive jobs simpler. It simply forms a hook at a specified address,
oh but I'm sure you don't know what a hook is cause you're being so defensive
when you hear terms you don't understand.


I simply found where it uses TranslateMessage/DispatchMessage, something
that is used in windows MSG handling. I found the return statement, so instead
of creating a thread, constantly writing and reading, I can use the FPS limiter
because that function is only called so much. That keeps doukutsu.exe from
going crazy.

I shifted the return statement (1 byte) into the nops/int3s, and called
my function in the now unused area.

The app, where its applying a hook, can nop the region for you, making me
do less work.


The function is allocated, I don't know of ANY easier way to describe this.
It's simple that you just don't care to read that sentence, thats why the
hack just can't be simple.



Only way I can get this across is to outwardly flame I guess.
Only noobs don't understand how useful it is to have an unlimited amount
of workspace in any application.

Lol, imo, I love having every other shot go through walls, it might just be
something that only I would go and bother with.

edit: the idea of relative jumping means that instead of calling the function,
you can perform a jump to that allocated area instead, and this app appends
a jump back onto the assembly track for you, like I said, it makes
repetitive things simpler by calculating for you. Read the main object and
it should be more than apparent... assuming you even know C/C++

 

lawl. srsly, stop with the bickering.

 

It's simple, they want to see what I did, and they have the right to. So if you don't want to use the application, this is what I did.

First is first, locate calls to TranslateMessage, and the area where it loads the flagged bytes for weapon abilities.


Keep in mind our values, where its loading is 40405A, and lets look at our
(probably a callback) function that handles the windows MSGs.

Note at 4135DA theres enough room to call a function, and at 4135D9, theres our RETN, which is one byte.

Allocate some memory into the program, I don't care how to you do it, I use my app, but we're not allowed to use that for some reason.

Ways to allocate would be to create your own allocater, or attempt to allocate while cave story initializes, and store that pointer in some way until now.

Write the following instructions to that allocated memory.

mov dword ptr[0x49E6E8],50
mov dword ptr[0x49E6CC],9999
mov dword ptr[0x49E6D4],9999
mov dword ptr[0x49E6D0],9999

Call that function where RETN is, and shift that RETN after the call,
dont forget your relative calculations, or use an absolute call, idk, it
exists in ppc.


This way, you have unlimited jetpack, and 9999 HP being constantly written, but also being limited by an FPS because only so few times is that function called because it too is limited by FPS (frames per second).


The shoot through walls is a little tougher, although it too is simple.
Allocate memory again, and write the following function

MOV EDX,DWORD PTR [EAX+48F050]
XOR DWORD PTR[EAX+48F050],0x04

In our region where it is loading the current weapon flags into edx (40405A), nop that entire area. You must nop it, because this opcode has a larger size than the call opcode, and not nop-ing it will cause you to read an opcode which was actually a parameter, ruining your game.

the instruction size is 6, so nop all of that.

Jump to our allocated function, make sure your calculations are correct, use my prog- oh wait, can't use that. Use my source instead, its basically the same thing as my app. Make sure your calculations are correct.

Once its jumped to, go back to your function, and append a relative jump back onto track, remember this value never stays the same, because allocation allocates memory, meaning your region keeps changing. Try an absolute jump, it exists in ppc, too lazy to check x86.

edit: that last image should say jump, oh well. My second AoE3 expansion just finished, yay.

 

lawl. srsly, stop with the bickering.

You people should srsly just be quiet when someone starts it, talking about it and trying to stop it all the time get's a little boring with the time, since it's accomplishing nothing, it's just wasting time, and don't you think you could do better things in your free time?

 

You people should srsly just be quiet when someone starts it, talking about it and trying to stop it all the time get's a little boring with the time, since it's accomplishing nothing, it's just wasting time, and don't you think you could do better things in your free time?

He mods! D:

 

You people should srsly just be quiet when someone starts it, talking about it and trying to stop it all the time get's a little boring with the time, since it's accomplishing nothing, it's just wasting time, and don't you think you could do better things in your free time?

Hm, free time? Oh right, *opens Mozilla Firefox*.

He mods! D:

lawl. And you keep going "WAIT", "OMG", "OMFG" or "LOL" everytime you find a bug. >.<

 

This one is my personal favorite:

"Every shot does random damage, in between 1 and 13"
Injection file= http://phytress.digital-haze.net/RE/ASMIJ/CS/ShotRand.asmij
notes= http://phytress.digital-haze.net/RE/ASMIJ/CS/ShotRandnotes.txt


This is similar to shoot through walls,
it requires a hook, and its a jump hook.

method: hooked jump
Relative Return= Yes
locale: 4210698
Shift memory= 0
Nop size= 7


Its actually amusing.. all of your weapons do random damage (none heal though, but it seems like a fun idea, make it yourself)


Anyway, I guess thats the last asmij file im releasing (reason I made it is to show the workability of this app in doing some crazy programming for doukutsu) BECAUSE age of empires is amusing again. After aoe, i think ill find another game to mess with. See you guys when i get bored again (probably in like two months or something).